EIP-2026-102962
PRE-CVE
Python 1.5/1.6/2.0/2.1.x - Pickle Class Constructor Arbitrary Code Execution
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-102962. PoCs published by Jeff Epler.
AI-analyzed exploit summary
This exploit demonstrates a deserialization vulnerability in Python's Pickle module, allowing arbitrary command execution by crafting a malicious pickle string that invokes the `open` function during unpickling. The PoC creates a file `/tmp/pickle-bug` as proof of exploitation.
Description
Python 1.5/1.6/2.0/2.1.x - Pickle Class Constructor Arbitrary Code Execution